7313238

Method and System for Relating Cryptographic Keys

Published: December 25, 2007
Assignee: not available in USPTO data we have
Patent Claims
23 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for relating cryptographic keys, comprising: providing, by a computing device, to a user a private share related to a key; generating, by the computing device, a new version of the key based on a previous version of the key; and publishing, by the computing device, a key rotation catalyst, wherein the new version of the key is determinable based on the key rotation catalyst and the private share, and wherein former versions of the key are determinable based on the key rotation catalyst.

2. The method of claim 1, wherein said publishing further comprises: publishing at least one public share related to the key, wherein the new version of the key is determinable based on the key rotation catalyst, the private share, and the at least one public share.

3. The method of claim 1, wherein said publishing further comprises revoking the user by publishing a version of the revoked user's private share.

4. The method of claim 1, further comprising generating an initial key based on a random polynomial.

5. The method of claim 4, wherein the private share comprises the value of the random polynomial evaluated at a point associated with the user.

6. A method for relating cryptographic keys, comprising: providing, by a computing device, to a user a private share related to a key; generating, by the computing device, a new version of the key based on a previous version of the key; and publishing, by the computing device, a key rotation catalyst, wherein the new version of the key is determinable based on the key rotation catalyst and the private share, and wherein former versions of the key are determinable based on the key rotation catalyst, wherein said publishing further comprises generating the key rotation catalyst by performing an encryption of a previous key rotation catalyst.

7. The method of claim 6, wherein the encryption is according to an RSA (Rivest-Shamir-Adleman) encryption.

8. A method for relating cryptographic keys, comprising: providing, by a computing device, to a user a private share related to a key; generating, by the computing device, a new version of the key based on a previous version of the key; and publishing, by the computing device, a key rotation catalyst, wherein the new version of the key is determinable based on the key rotation catalyst and the private share, and wherein former versions of the key are determinable based on the key rotation catalyst; and determining a previous version of the key rotation catalyst by decrypting the key rotation catalyst.

9. The method of claim 8, wherein said determining comprises determining a previous version of the key rotation catalyst by decrypting the key rotation catalyst according to an algorithm that is according to the RSA (Rivest-Shamir-Adleman) algorithm.

10. A method for relating cryptographic keys, comprising: providing, by a computing device, to a user a private share related to a key; generating, by the computing device, a new version of the key based on a previous version of the key; publishing, by the computing device, a key rotation catalyst, wherein the new version of the key is determinable based on the key rotation catalyst and the private share, and wherein former versions of the key are determinable based on the key rotation catalyst; and generating a previous version of the key by exponentiating the new version of the key by the key rotation catalyst.

11. A method of generating a cryptographic key comprising: generating, by a computing device, a new version of a key rotation catalyst based on a previous version of the key rotation catalyst; modifying, by the computing device, a portion of an exponent used in forming a current cryptographic key by the previous version of the key rotation catalyst; and forming, by the computing device, a first new cryptographic key from the current cryptographic key by exponentiating the current cryptographic key by an exponent comprising the modified portion of the exponent and a random polynomial evaluated at a point; and publishing, by the computing device, information to enable other nodes to generate the first new cryptographic key.

12. The method of claim 11, further comprising: repeating said generating and modifying to form a further new version of the key rotation catalyst and a further modified portion of the portion of the exponent; and forming a further new cryptographic key from the first new cryptographic key by exponentiating the first new cryptographic key by an exponent comprising the further modified portion of the exponent and the random polynomial evaluated at the point.

13. The method of claim 11, wherein publishing the information comprises publishing the previous version of the key rotation catalyst.

14. The method of claim 13, further comprising: securely transferring a value of the random polynomial evaluated at a second point to a user.

15. A method of generating a cryptographic key comprising: generating, by a computing device, a new version of a key rotation catalyst based on a previous version of the key rotation catalyst; modifying, by the computing device, a portion of an exponent used in forming a current cryptographic key by the previous version of the key rotation catalyst; and forming, by the computing device, a first new cryptographic key from the current cryptographic key by exponentiating the current cryptographic key by an exponent comprising the modified portion of the exponent and a random polynomial evaluated at a point; and publishing, by the computing device, information to enable other nodes to generate the first new cryptographic key, wherein said generating comprises generating the new version of the key rotation catalyst by performing an encryption of the previous version of the key rotation catalyst that is according to an RSA (Rivest-Shamir-Adleman) encryption.

16. A computer readable storage medium having stored thereon instructions which when executed on a general purpose processor implement a method of managing encrypted data, comprising: transferring to a user a private share related to a cryptographic key; generating a new version of the cryptographic key based on a previous version of the cryptographic key; and publishing a key rotation catalyst, wherein the new version of the cryptographic key is determinable based on the key rotation catalyst and the private share without interacting directly with the key rotation catalyst publisher, and wherein former versions of the cryptographic key are determinable based on the key rotation catalyst.

17. The computer readable storage medium of claim 16, wherein said publishing further comprises: publishing at least one public share related to the cryptographic key, wherein the new version of the cryptographic key is determinable based on the key rotation catalyst, the private share, and the at least one public share.

18. The computer readable storage medium of claim 16, wherein said publishing further comprises revoking a user by publishing a version of a revoked user's private share, wherein other users have sufficient information to determine the new cryptographic key but the revoked user does not.

19. The computer readable storage medium of claim 16, wherein said publishing further comprises comprising generating an initial cryptographic key based on a random polynomial.

20. A computer readable storage medium having stored thereon instructions which when executed on a general purpose processor implement a method of managing encrypted data, comprising: transferring to a user a private share related to a cryptographic key; generating a new version of the cryptographic key based on a previous version of the cryptographic key; and publishing a key rotation catalyst, wherein the new version of the cryptographic key is determinable based on the key rotation catalyst and the private share without interacting directly with the key rotation catalyst publisher, and wherein former versions of the cryptographic key are determinable based on the key rotation catalyst, wherein said publishing further comprises generating the key rotation catalyst by performing an encryption of the previous key rotation catalyst that is according to an RSA (Rivest-Shamir-Adleman) encryption.

21. A computer readable storage medium having stored thereon instructions which when executed on a general purpose processor implement a method of managing encrypted data, comprising: transferring to a user a private share related to a cryptographic key; generating a new version of the cryptographic key based on a previous version of the cryptographic key; publishing a key rotation catalyst, wherein the new version of the cryptographic key is determinable based on the key rotation catalyst and the private share without interacting directly with the key rotation catalyst publisher, and wherein former versions of the cryptographic key are determinable based on the key rotation catalyst; generating a previous version of the cryptographic key by exponentiating the current cryptographic key by the key rotation catalyst.

22. A computer readable storage medium having stored thereon instructions which when executed on a general purpose processor implement a method of managing encrypted data, comprising: transferring to a user a private share related to a cryptographic key; generating a new version of the cryptographic key based on a previous version of the cryptographic key; publishing a key rotation catalyst, wherein the new version of the cryptographic key is determinable based on the key rotation catalyst and the private share without interacting directly with the key rotation catalyst publisher, and wherein former versions of the cryptographic key are determinable based on the key rotation catalyst; and determining, when acting as a user, a previous version of the key rotation catalyst by decrypting the key rotation catalyst.

23. The computer readable storage medium of claim 22, wherein said determining comprises determining a previous version of the key rotation catalyst by decrypting the key rotation catalyst according to an RSA (Rivest-Shamir-Adleman) algorithm.

Patent Metadata

Filing Date

Unknown

Publication Date

December 25, 2007

Inventors

Kevin E. Fu
Mahesh Kallahalla
Ram Swaminathan

Cite as: Patentable. “METHOD AND SYSTEM FOR RELATING CRYPTOGRAPHIC KEYS” (7313238). https://patentable.app/patents/7313238